The releasenotes from the patchset 21 state:Problem: ASV does not work as member server to Windows 2008 domain

Solution: There is a policy which exists on Windows 2008 domain controllers that will allow the domain controller to allow NT4 clients. The policy is under "Computer Configuration->Administrative Templates->System->Netlogon-> Allow cryptography algorithms compatible with Windows NT 4.0".

You need to enable this policy in order for ASV to correctly function as member server in Windows 2008 domain.

Do I need to upgrade to the 7b version before this change will work? In the process of the PDC being upgraded the name was also changed. When I went into the pwrk$config to change the PDC I get an error creating the SAM database. During the procedure it appeared that the username and password were accepted but in exiting the configuration there was an error creating the SAM database.

I was hoping to get this up for the users and do the upgrade at a less busy time.

You can install the 7.3B-eco1 directly over the V7.3A. No need to go to V7.3-B in between.Also make sure that you have enabled the folowing named pipes to be accessed anonymously:netlogon, samr, lsarpc.Do this in the snapin "local Security Policy"under local policies, security options.

Dean,Forgot to mention that with this setup / combination of software, you can map drives but the command $ admin logon will still fail.There is no solution yet for $ admin logon.Management will have to be done from Windows.

Dean, you're not going to be able to do anything until the W2K8 (R2) DCs have that policy enabled. Once enabled, v7.3A should work (the NETLOGON service should start, confirm with $ ADMIN SHOW SERVICES).

Same scenario...the PDC Emulator was upgraded to Windows 2008. Share mapping worked fine after setting the policy above, however external authentication fails. Assigned the PDC role to the one remaining Windows 2003 DC and we're back in business. What are we missing? Thanks, John.

Microsoft has largely retired the old and insecure domain controller authentication system, as part of its migration to Microsoft Active Directory (AD) and its related authentication implementation.

And HP has largely retired Advanced Server; the path forward for OpenVMS users here is the CIFS/Samba package.

Some vendors have implemented a "magic triangle" configuration with Open Directory servers and Microsoft Active Directory providing services for their respective platforms and coordinating access across the servers and clients, but AFAIK HP has not implemented that with OpenVMS.

Some versions of Samba can also authenticate with AD (see the Samba wiki for details), though I haven't checked any Samba/CIFS version against this. (We use Open Directory and don't run a Windows AD here, so we don't have an AD configuration to test CIFS/Samba with.) As for the version involved, the CIFS/Samba V1.2 ECO1 kit is reportedly based on Samba 3.0.28a.

The closest you can get with OpenVMS and distributed authentication here is likely the LDAP login extensions and whatever AD pieces are in CIFS/Samba. (These are obviously fairly limited and somewhat complex to establish, and the VMS distributed authentication provide only passwords and password-related authentcation features. VMS didn't migrate the other login-related attributes and settings out into the LDAP directory. But that's not specific to nor does it provide authentication for PATHWORKS nor Advanced Server.)

And to make the future and plans for this whole configuration somewhat more complex, the Samba folks adopted GPLv3 at their version 3.2. I don't know if HP has made any statements around their plans for newer versions of CIFS on OpenVMS. HP may decide to remain on an earlier (3.0.x) version, for that matter.